feat(porkbun): switch to global variables for keys
- Introduce 2 global variables with API keys - Remove redundant role that only installs one config file used by another role - Use the said global variables within DDNS and Certbot roles - Create the config file in the role that uses it (Certbot) Signed-off-by: Matej Focko <me@mfocko.xyz>
parent
2039bf6570
commit
8454780c92
8 changed files with 15 additions and 22 deletions
|
@ -27,6 +27,11 @@ hashicorp_vault_address: None
|
||||||
# Address of the Vaultwarden instance
|
# Address of the Vaultwarden instance
|
||||||
vaultwarden_address: None
|
vaultwarden_address: None
|
||||||
|
|
||||||
|
# Porkbun ‹apikey› and ‹secretapikey› that are used by Certbot (SSL/TLS renewal)
|
||||||
|
# and DDNS (updating DNS records)
|
||||||
|
porkbun_apikey: None
|
||||||
|
porkbun_secretapikey: None
|
||||||
|
|
||||||
# Public ID tied to the Yubikey OTP
|
# Public ID tied to the Yubikey OTP
|
||||||
yubikey_token_id: None
|
yubikey_token_id: None
|
||||||
|
|
||||||
|
|
|
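Review bot: The new defaults `porkbun_apikey: None` and `porkbun_secretapikey: None` are the YAML string "None", not a null, so a host that never overrides them still gets `dns_porkbun_key=None` rendered into /etc/porkbun.ini and `APIKEY=None` into the DDNS template. The mistake then only surfaces later as a rejected API call. The comment above them should state where the real values must come from, for example `# Must be overridden from an encrypted source (e.g. Ansible Vault); never commit real keys here`. If the roles should fail early instead, an `ansible.builtin.assert` on both variables at the start of the Certbot and DDNS roles would catch the placeholder; the role entry points are not visible in this diff, so that placement is an assumption.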
@ -11,6 +11,12 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
|
- name: Create the file with Porkbun secrets
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: templates/porkbun.ini
|
||||||
|
dest: /etc/porkbun.ini
|
||||||
|
mode: 0600
|
||||||
|
|
||||||
- name: Install the Porkbun Certbot container definition (quadlet)
|
- name: Install the Porkbun Certbot container definition (quadlet)
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: templates/certbot.container
|
src: templates/certbot.container
|
||||||
|
|
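Review bot: The added task "Create the file with Porkbun secrets" renders both API keys without `no_log: true`, so a run with `--diff` or raised verbosity can print the rendered /etc/porkbun.ini, secrets included, to the terminal and to any CI or callback logs. It also omits `owner: root` and `group: root`, which the task just above it in this hunk does set, so ownership of the secrets file depends on the user the play runs as. As a style point, `mode: 0600` is safer written as `mode: '0600'`, so the value does not rely on the YAML parser treating the leading zero as octal. The quadlet task that follows continues past the end of the hunk.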
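--- a/roles/certbot/templates/porkbun.ini
+++ b/roles/certbot/templates/porkbun.ini
@@ -0,0 +1,2 @@
+dns_porkbun_key={{ porkbun_apikey }}
+dns_porkbun_secret={{ porkbun_secretapikey }}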
@ -4,9 +4,3 @@ ddns_domain: None
|
||||||
|
|
||||||
# List of all subdomains on the said domain for which the IP should be set
|
# List of all subdomains on the said domain for which the IP should be set
|
||||||
ddns_subdomains: []
|
ddns_subdomains: []
|
||||||
|
|
||||||
# ‹apikey› provided by Porkbun
|
|
||||||
ddns_porkbun_apikey: None
|
|
||||||
|
|
||||||
# ‹secretapikey› provided by Porkbun
|
|
||||||
ddns_porkbun_secretapikey: None
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
DOMAIN={{ ddns_domain }}
|
DOMAIN={{ ddns_domain }}
|
||||||
SUBDOMAINS={{ ','.join(ddns_subdomains) }}
|
SUBDOMAINS={{ ','.join(ddns_subdomains) }}
|
||||||
APIKEY={{ ddns_porkbun_apikey }}
|
APIKEY={{ porkbun_apikey }}
|
||||||
SECRETAPIKEY={{ ddns_porkbun_secretapikey }}
|
SECRETAPIKEY={{ porkbun_secretapikey }}
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
---
|
|
||||||
# ‹apikey› provided by Porkbun
|
|
||||||
porkbun_key: None
|
|
||||||
|
|
||||||
# ‹secretapikey› provided by Porkbun
|
|
||||||
porkbun_secret: None
|
|
|
@ -1,6 +0,0 @@
|
||||||
---
|
|
||||||
- name: Create the file with Porkbun secrets
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: templates/porkbun.ini
|
|
||||||
dest: /etc/porkbun.ini
|
|
||||||
mode: 0600
|
|
|
@ -1,2 +0,0 @@
|
||||||
dns_porkbun_key={{ porkbun_key }}
|
|
||||||
dns_porkbun_secret={{ porkbun_secret }}
|
|